The following WebSecurityConfig will configure all the necessary filters required to protect the resource endpoints:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws 
     Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws 
    Exception {
        return super.authenticationManagerBean();
    }

}

In the configure(AuthenticationManagerBuilder auth) method, it has UserDetailsService configured using an injected bean UserDetailsService, which is injected. As our UserService already implements this interface, it will be injected into this.